hectoday
DocsCoursesChangelog GitHub
DocsCoursesChangelog GitHub

Access Required

Enter your access code to view courses.

Invalid code

← All courses

Testing Auth and Security with @hectoday/http

Write tests that catch security bugs before attackers do. Test login flows, session management, authorization boundaries, rate limiting, token security, and input handling — all with plain functions and Node.js test runner.

Intermediate ~4 hours

Why Auth Tests Are Different

  1. Testing Security, Not Just Functionality
  2. Project Setup

Testing Authentication

  1. Testing Login Flows
  2. Testing Sessions and Cookies
  3. Testing 2FA Flows

Testing Authorization

  1. Testing Access Boundaries
  2. Testing API Keys and Scopes

Testing Security Properties

  1. Testing Rate Limiting and Lockout
  2. Testing Token Security
  3. Testing Input Handling

Putting It Together

  1. A Security Test Suite

© 2026 hectoday. All rights reserved.